Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux

[karo-tx-linux.git] / include / linux / cred.h

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 8b6c083e68a7338c4b5eee9938cc73f40c7faa19..8d70e1361ecd0ee01b4f11380623ada6a7751888 100644 (file)
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -137,6 +137,7 @@ struct cred {
        kernel_cap_t    cap_permitted;  /* caps we're permitted */
        kernel_cap_t    cap_effective;  /* caps we can actually use */
        kernel_cap_t    cap_bset;       /* capability bounding set */
+       kernel_cap_t    cap_ambient;    /* Ambient capability set */
 #ifdef CONFIG_KEYS
        unsigned char   jit_keyring;    /* default keyring to attach requested
                                         * keys to */
@@ -212,6 +213,13 @@ static inline void validate_process_creds(void)
 }
 #endif
 
+static inline bool cap_ambient_invariant_ok(const struct cred *cred)
+{
+       return cap_issubset(cred->cap_ambient,
+                           cap_intersect(cred->cap_permitted,
+                                         cred->cap_inheritable));
+}
+
 /**
  * get_new_cred - Get a reference on a new set of credentials
  * @cred: The new credentials to reference